Dear, I have a CA implemented in a Debian Wheezy server and the version of
OpenSSL (1.0.1) is affected by the Heartbleed vulnerability at the time of
generating our own CA certificate and the requested certificates for all the
web servers from our company.
I've just upgraded the OpenSSL version, but
do I have to regenerate my CA certificate created with the former OpenSSL
version because of the Heartbleed vulnerability?
There should never be any reason for your web server to read the private key
of the CA.
So, no.
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
You do not have to regenerate the CA key or certificate.
You do have to regenerate the web server keys and certificates.
https://www.cloudflarechallenge.com/heartbleed has had multiple people
independently obtain their private key.
-Kyle H
On Fri, Apr 11, 2014 at 12:59 PM, Jeronimo L. Cabral
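The replies above say the web server keys, not only the certificates, have to be regenerated. The following check is an added example, not part of the original thread: it compares the public-key fingerprints of an old and a replacement certificate to catch a re-issue that kept the old key. The file names and CN are constructed, the samples are self-signed stand-ins for CA-issued certificates, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: detect a re-issued certificate that still carries the old key.

# Print the SHA-256 of a certificate's public key (DER SubjectPublicKeyInfo).
spki_fp() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# 0 = same public key, 1 = different keys, 2 = a certificate could not be read.
same_key() {
    a=$(spki_fp "$1") || return 2
    b=$(spki_fp "$2") || return 2
    [ "$a" = "$b" ]
}

# Succeeds only when the replacement certificate was issued for a fresh key.
check_reissue() {
    same_key "$1" "$2" && rc=0 || rc=$?
    case $rc in
        0) echo "REUSED KEY: $2 has the same public key as $1"; return 1 ;;
        1) echo "OK: $2 was issued for a new key"; return 0 ;;
        *) echo "ERROR: cannot read $1 or $2" >&2; return 2 ;;
    esac
}

# Constructed sample data: one pre-patch certificate and two replacements.
make_samples() {
    subj="/CN=www.example.test"
    openssl genrsa -out "$1/old.key" 2048 2>/dev/null
    openssl genrsa -out "$1/new.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$1/old.key" -subj "$subj" -days 30 \
        -out "$1/old.crt" 2>/dev/null
    # Re-issued with the old key: the mistake this check is meant to catch.
    openssl req -new -x509 -key "$1/old.key" -subj "$subj" -days 30 \
        -out "$1/renewed.crt" 2>/dev/null
    # Re-issued with a newly generated key.
    openssl req -new -x509 -key "$1/new.key" -subj "$subj" -days 30 \
        -out "$1/rekeyed.crt" 2>/dev/null
}

tmp=$(mktemp -d)
make_samples "$tmp"
check_reissue "$tmp/old.crt" "$tmp/renewed.crt" || true
check_reissue "$tmp/old.crt" "$tmp/rekeyed.crt"
rm -rf "$tmp"
```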